Within cloud implementations, organizations list security as both an obstacle and opportunity in recent surveys conducted by EMA. By looking at your security environment, you can identify where weaknesses are and look at requirements for your industry, platform, etc. Within cloud environments specifically, providers build their platforms with security in mind first. Therefore, many security concerns [...]

In my last IoT blog, I talked about the history of IoT and the evolution of issues surrounding IoT devices. In this part of the series, we will expand on the issues around IoT and the data it collects. Research firms estimate that there will be between 20 billion and 30 billion IoT devices on Earth by 20201 and that they will [...]

The primary function of enterprise IT management is to empower end users with access to technology resources that will boost their productivity and job performance. However, this focus is at odds with the core precepts of IT security which are adopted to minimize the exposure of enterprise systems, applications, and data. I recall that in [...]

Nearly every day another successful breach is reported. In 2016 alone, organizations from major governmental agencies such as the IRS and Department of Defense, to major retailers including Wendy’s, have succumbed to attack. These organizations are not alone; every major business and governmental sector has been compromised. Large tech companies such as LinkedIn and Oracle, [...]

According to 2015 research reports published by Ponemon, Mandiant, and others, median intruder dwell time in a target network prior to detection ranges from just under to just over 200 days. That is a little over six months and as everyone agrees, totally unacceptable. How is it that an intruder can get into a network [...]

In many organizations, endpoints see virtually constant change. Users access, download, and utilize applications, data, drivers, files, toolbars, widgets, etc., introducing both new security threats and undocumented changes in systems and processes. For better or for worse, all of these activities leave their mark on the endpoint. HEAT has engaged in endpoint security at a [...]

One of the services that EMA provides to the tech industry is research. During the course of the year, numerous projects are launched to help IT consumers and vendors understand market perceptions. EMA then provides analysis and forecasts on trends based upon those perceptions. These projects have been continued in 2015. EMA has already had [...]

In preparation for my new ‘Achieving Hi-Fidelity Security’ research project, I thought I would post a relevant blog I wrote for InformationSecurityBuzz.com. I have packet capture data for forensics, isn’t that enough? No! Of late, I have briefed with a number of companies that provide full network packet capture capabilities. They tout its benefits and that [...]

Though cyber attacks have been around for years, in 2014 there was an explosion in the volume of attacks and a marked increase in the losses and damages they inflicted. In 2015, this does not seem to be lightening up. In February, Anthem health care insurers were compromised, putting 80 million current and former customers [...]

Historically, many organizations and personnel have been concerned about user activity monitoring (UAM). Certain business cultures feel that these activities are an invasion of privacy or are distrustful. However, in today’s Internet connected, data driven world, having specific information or data means the difference in being a market leader and being out of business. Identifying [...]